I'm trying to send an email through the gmail API from a Node.js application. I had this working, following the documentation and using the node-mailer package. However, I noticed that when we change our organizations password, the connection is no longer good (which makes sense). I'm therefore trying to authorize with a JWT instead.
The JWT is correctly generated and posted to https://oauth2.googleapis.com/token. This request then returns an access_token.
When it comes time to write and send the email, I tried to simply adapt the code that was previously working (at the time with a client_secret, client_id and redirect_uris):
const gmail = google.gmail({ version: 'v1', auth: access_token });
gmail.users.messages.send(
{
userId: 'email',
resource: {
raw: encodedMessage
}
},
(err, result) => {
if (err) {
return console.log('NODEMAILER - The API returned: ' + err);
}
console.log(
'NODEMAILER Sending email reply from server: ' + result.data
);
}
);
The API keeps returning Error: Login Required.
Does anyone know how to solve this?
EDIT
I've modified my code and autehntication to add the client_id and client_secret:
const oAuth2Client = new google.auth.OAuth2(
credentials.gmail.client_id,
credentials.gmail.client_secret,
credentials.gmail.redirect_uris[0]
);
oAuth2Client.credentials = {
access_token: access_token
};
const gmail = google.gmail({ version: 'v1', auth: oAuth2Client });
gmail.users.messages.send(
{
userId: 'email',
resource: {
raw: encodedMessage
}
},
(err, result) => {
if (err) {
return console.log('NODEMAILER - The API returned: ' + err);
}
console.log(
'NODEMAILER Sending email reply from server: ' + result.data
);
}
);
But now the error is even less precise: Error: Bad Request
Here's the final authorization code that worked for me:
var credentials = require('../../credentials');
const privKey = credentials.gmail.priv_key.private_key;
var jwtParams = {
iss: credentials.gmail.priv_key.client_email,
scope: 'https://www.googleapis.com/auth/gmail.send',
aud: 'https://oauth2.googleapis.com/token',
exp: Math.floor(new Date().getTime() / 1000 + 120),
iat: Math.floor(new Date().getTime() / 1000),
sub: [INSERT EMAIL THAT WILL BE SENDING (not the service email, the one that has granted delegated access to the service account)]
};
var gmail_token = jwt.sign(jwtParams, privKey, {
algorithm: 'RS256'
});
var params = {
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion: gmail_token
};
var params_string = querystring.stringify(params);
axios({
method: 'post',
url: 'https://oauth2.googleapis.com/token',
data: params_string,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}).then(response => {
let mail = new mailComposer({
to: [ARRAY OF RECIPIENTS],
text: [MESSAGE CONTENT],
subject: subject,
textEncoding: 'base64'
});
mail.compile().build((err, msg) => {
if (err) {
return console.log('Error compiling mail: ' + err);
}
const encodedMessage = Buffer.from(msg)
.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
sendMail(encodedMessage, response.data.access_token, credentials);
});
});
So that code segment above uses a private key to create a JSON Web Token (JWT), where: iss is the service account to be used, scope is the endpoint of the gmail API being accessed (this must be preauthorized), aud is the google API oAuth2 endpoint, exp is the expiration time, iat is the time created and sub is the email the service account is acting for.
The token is then signed and a POST request is made to the Google oAuth2 endpoint. On success, I use the mailComposer component of NodeMailer to build the email, with an array of recipients, a message, a subject and an encoding. That message is then encoded.
And here's my sendMail() function:
const oAuth2Client = new google.auth.OAuth2(
credentials.gmail.client_id,
credentials.gmail.client_secret,
credentials.gmail.redirect_uris[0]
);
oAuth2Client.credentials = {
access_token: access_token
};
const gmail = google.gmail({ version: 'v1', auth: oAuth2Client });
gmail.users.messages.send(
{
userId: 'me',
resource: {
raw: encodedMessage
}
},
(err, result) => {
if (err) {
return console.log('NODEMAILER - The API returned: ' + err);
}
console.log(
'NODEMAILER Sending email reply from server: ' + result.data
);
}
);
In this function, I am creating a new googleapis OAuth2 object using the credentials of the service account (here stored in an external file for added security). I then pass in the access_token (generated in the auth script with the JWT). The message is then sent.
Pay attention to the userId: 'me' in the sendMail() function, this was critical for me.
This is the way I was able to only use googleapis package instead of axios + googleapis with your service account. You will need domain wide authority for this account with the scope used below associated with it. Follow this to do that https://support.google.com/a/answer/162106?hl=en
You can also use the mailComposer example up above to create the email. keys is the service_credentials.json file you get when making this service account
const { google } = require('googleapis');
const scope = ["https://www.googleapis.com/auth/gmail.send"];
const client = new google.auth.JWT({
email: keys.client_email,
key: keys.private_key,
scopes: scope,
subject: "emailToSendFrom#something.com",
});
await client.authorize();
const gmail = google.gmail({ version: 'v1', auth: client});
const subject = '🤘 Hello 🤘';
const utf8Subject = `=?utf-8?B?${Buffer.from(subject).toString('base64')}?=`;
const messageParts = [
'From: Someone <emailToSendFrom#something.com>',//same email as above
'To: Someone <whoever#whoever.com>',
'Content-Type: text/html; charset=utf-8',
'MIME-Version: 1.0',
`Subject: ${utf8Subject}`,
'',
'This is a message just to say hello.',
'So... <b>Hello!</b> 🤘❤️😎',
];
const message = messageParts.join('\n');
// The body needs to be base64url encoded.
const encodedMessage = Buffer.from(message)
.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
const res = await gmail.users.messages.send({
userId: 'me',
requestBody: {
raw: encodedMessage,
},
});
console.log(res.data);
I am using Google Drive javascript api V2 to download files. This has been working just fine for some time but today it is failing, returning status 0 with a blank response text. Looking at the network calls, I can see that I am authenticating successfully and navigating to the correct folders and retrieving a list of files but it will no longer download those files.
Looking deeper, I can see the initial response to each file download returns a status 307 (temporary redirect) and a redirect location in the response header. The browser automatically processes the location with a new request header but I do not get a response with any content, rather just an error with the status 0.
Is there a specific reason for the status 307 and is there a special way in which they should be handled?
This is the code used to download:
// Download file contents
downloadFile: function ( fileItem, callback ) {
var me = this,
accessToken,
xhr;
if ( fileItem.downloadUrl ) {
accessToken = gapi.auth.getToken().access_token;
xhr = new XMLHttpRequest();
xhr.onerror = function () {
callback( { error: { code: xhr.status, message: xhr.statusText } } );
};
xhr.open( 'GET', fileItem.downloadUrl, true );
xhr.setRequestHeader( 'Authorization', 'Bearer ' + accessToken );
xhr.overrideMimeType( "application/json" );
xhr.onreadystatechange = function () {
var DONE = this.DONE || 4;
if ( xhr.readyState === DONE ) {
if ( xhr.status === 200 ) {
callback( xhr.responseText );
} else {
callback( { error: { code: xhr.status, message: xhr.statusText } } );
};
};
};
xhr.send();
} else {
callback( { error: { code: "?", message: "Downloaded URL not specified" } } );
};
},
I am closing this question despite not getting a resolution. I have updated my code to use v3 of the Google Drive api and have got it working using that.
Strangely, if I used the HTTP request Url 'https://www.googleapis.com/drive/v3/files/<fileId>' it still didn't work but if I used the command:
gapi.client.drive.files.get( {
'fileId': fileItem.id,
'alt': 'media',
'mimeType': fileItem.mimeType
});
it works okay.
Not sure what Google have done as my previous code had been working for a couple of years without any change my end but at least I am back up and running again.
I am extending Ember Simple Auth's base authentication class to allow authentication with Google. So far, it works on Safari 8 and Chrome 41 (both on Yosemite) with no errors. However, on Firefox 35, it throws an Error that does not occur on the other browsers. Here is my Google authenticator class:
App.GoogleAuthenticator = SimpleAuth.Authenticators.Base.extend({
// constants for Google API
GAPI_CLIENT_ID: 'the client id',
GAPI_SCOPE: ['email'],
GAPI_TOKEN_VERIFICATION_ENDPOINT: 'https://www.googleapis.com/oauth2/v2/tokeninfo',
// method for scheduleing a single token refresh
// time in milliseconds
scheduleSingleTokenRefresh: function(time) {
var self = this;
return new Ember.RSVP.Promise(function(resolve, reject) {
Ember.run.later(self, function() {
gapi.auth.authorize({
client_id: self.GAPI_CLIENT_ID,
scope: self.GAPI_SCOPE,
immediate: true
}, function(data) {
if (data && !data.error) {
resolve(data);
} else {
reject((data || {}).error);
}
});
}, time);
});
},
// WIP: recursive method that reschedules another token refresh after the previous scheduled one was fulfilled
// usage: scheduleTokenRefreshes(time until token should refresh for the first time, time between subsequent refreshes)
// usage: scheduleTokenRefreshes(time between refreshes)
scheduleTokenRefreshes: function(time1, time2) {
var self = this;
// if there is a time2, schedule a single refresh, wait for it to be fulfilled, then call myself to schedule again
if (!Ember.isEmpty(time2)) {
self.scheduleSingleTokenRefresh(time1)
.then(function() {
self.scheduleTokenRefreshes(time2);
});
// if there isn't a time2, simply schedule a single refresh, then call myself to schedule again
} else {
self.scheduleSingleTokenRefresh(time1)
.then(function() {
self.scheduleTokenRefreshes(time1);
});
}
},
// method that restores the session on reload
restore: function(data) {
var self = this;
return new Ember.RSVP.Promise(function(resolve, reject) {
console.log(data);
if (Ember.isEmpty(data.access_token)) {
reject();
return;
}
// schedule a refresh 15 minutes before it expires or immediately if it expires in < 15
var timeNow = Math.floor(Date.now() / 1000);
var expiresAt = +data.expires_at;
var timeDifference = expiresAt - timeNow;
var schedulingDelay = Math.floor(timeDifference - 15 * 60);
schedulingDelay = schedulingDelay < 0 ? 0 : schedulingDelay;
self.scheduleTokenRefreshes(schedulingDelay * 1000, 45 * 60);
resolve(data);
});
},
// method that authenticates
authenticate: function() {
var self = this;
return new Ember.RSVP.Promise(function(resolve, reject) {
gapi.auth.authorize({
client_id: self.GAPI_CLIENT_ID,
scope: self.GAPI_SCOPE
}, function(data) {
if (data && !data.error) {
// schedule a refresh in 45 minutes
var schedulingDelay = 45 * 60;
self.scheduleTokenRefreshes(schedulingDelay * 1000);
resolve(data);
} else {
reject((data || {}).error);
}
});
});
},
// method that logs the user out and revokes the token
invalidate: function(data) {
var self = this;
return new Ember.RSVP.Promise(function(resolve, reject) {
// send a GET request to revoke the token
Ember.$.ajax({
type: 'GET',
url: 'https://accounts.google.com/o/oauth2/revoke?token=' + self.get('session.access_token'),
contentType: 'application/json',
dataType: 'jsonp'
})
.done(function(successData) {
resolve(successData);
})
.fail(function(error) {
reject(error);
});
});
}
});
When the popup window closes after a successful login on Google's end, this error appears on Firefox's console:
Error: Assertion Failed: Error: Permission denied to access property 'toJSON' ember.js:13749
"__exports__.default<.persist#http://127.0.0.1/~jonchan/test/bower_components/ember-simple-auth/simple-auth.js:1524:1
__exports__.default<.updateStore#http://127.0.0.1/~jonchan/test/bower_components/ember-simple-auth/simple-auth.js:1195:11
__exports__.default<.setup#http://127.0.0.1/~jonchan/test/bower_components/ember-simple-auth/simple-auth.js:1149:9
__exports__.default<.authenticate/</<#http://127.0.0.1/~jonchan/test/bower_components/ember-simple-auth/simple-auth.js:1066:13
tryCatch#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:47982:16
invokeCallback#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:47994:17
publish#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:47965:11
#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:29462:9
Queue.prototype.invoke#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:848:11
Queue.prototype.flush#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:913:13
DeferredActionQueues.prototype.flush#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:718:13
Backburner.prototype.end#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:143:11
createAutorun/backburner._autorun<#http://127.0.0.1/~jonchan/test/bower_components/ember/ember.js:546:9
" ember.js:29488
Here is the version information:
DEBUG: Ember : 1.9.1
DEBUG: Ember Data : 1.0.0-beta.14.1
DEBUG: Handlebars : 2.0.0
DEBUG: jQuery : 2.1.3
DEBUG: Ember Simple Auth : 0.7.2
The most confounding thing is that this only appears on Firefox. Is it a bug in Ember Simple Auth or Ember? How do I fix it?
I do not know about only Firefox throwing an error (I've had a similar error with Chrome 40), but there is a bug in ember-simple-auth 0.7.2 with Ember 1.9 that prohibits sending an actual error response in the authenticate method in the authenticator.
If you return reject() in the rejection function of authenticate it will not throw an additional error. This will however not propagate the errorstatus or message, so I consider this a bug.
A work-around was proposed on github about this issue by setting Ember.onerror=Ember.K temporarily so additional errors will not be propagated, although it will propagate the original authenticate rejection with the error-status.
The issue in the github repo only mentions problems with testing this, but I've had this problem in normal code.
see: https://github.com/simplabs/ember-simple-auth/issues/407
Turns out the error was on the resolve part of the authenticate method. Here is what fixed it:
App.GoogleAuthenticator = SimpleAuth.Authenticators.Base.extend({
authenticate: function() {
return new Ember.RSVP.Promise(function(resolve, reject) {
gapi.auth.authorize({
client_id: 'the client id',
scope: ['the scopes'],
}, function(data) {
if (data && !data.error) {
resolve({
access_token: data.access_token // !! passing the entire 'data' object caused the error somehow
});
} else {
reject((data || {}).error);
}
});
});
},
// ...
});
I'm still not quite sure why this caused the error. Perhaps the Google API's response (in its entirety) is somehow incompatible with Ember Simple Auth.
I'm trying to send an email via parse.com via mandrill. The examples are very easy to follow, but I'm getting a strange error.
here is my code:
Parse.Cloud.afterSave("ip", function(request) {
var IPLogger_config = require('cloud/mandrillapp_config.js');
var Mandrill = require('mandrill');
Mandrill.initialize(IPLogger_config.mandrillAppKey);
console.log('within afterSave for ip');
console.log(request.object.id);
var ip = Parse.Object.extend("ip");
var query = new Parse.Query(ip);
query.descending("createdAt");
query.limit(2); // limit to at most 2 results
query.find({
success: function(results){
console.log('success query');
console.log('got ' + results.length + ' results');
var newestIp = results[0];
var olderIp = results[1];
if (newestIp.get('ip') == olderIp.get('ip') ) {
// the newest ip and the older one are equal, do nothing.
console.log('No ip change');
} else
{
console.log('ip change!');
console.log(Mandrill.initialize);
console.log(Mandrill.sendEmail);
Mandrill.sendEmail({
message: {
text: "The IP of your server has changed! The new ip is: " + newestIp.get('ip') ,
subject: "The IP of your server has changed!",
from_email: "parse#cloudcode.com",
from_name: "IPLogger",
to: [
{
email: IPLogger_config.your_email,
name: IPLogger_config.your_name
}
]
},
async: true
},{
success: function(httpResponse) {
console.log(httpResponse);
response.success("Email sent!");
},
error: function(httpResponse) {
console.error(httpResponse);
response.error("Uh oh, something went wrong");
}
});
}
},
error: function (error){
console.log('no success for query');
console.error("Got an error " + error.code + " : " + error.message);
}
});
});
my mandrillapp_config.js looks like this:
var IPLogger_config = {};
IPLogger_config.mandrillAppKey = "xxx";
IPLogger_config.your_email = 'myemail#bla.com';
IPLogger_config.your_name = 'myName';
The mandrillAppKey is correctly set. I double checked that. Sending email from mandrill website also works. I just created a new account and did no other settings on the mandrill site.
I'm getting this error: "code":-1,"name":"ValidationError","message":"You must specify a key value". In https://www.parse.com/questions/sometimes-getting-mandrill-you-must-specify-a-key-value-error-when-sending-email is written that the header might be wrong, but as you can see on my log, the "Content-Type":"application/json; charset=utf-8" is set correctly.
I2014-06-09T22:34:20.601Z] {
"uuid":"fbb215c4-1d2a-e2da-23fc-a838bd6bf217",
"status":500,
"headers":{
"Access-Control-Allow-Credentials":"false",
"Access-Control-Allow-Headers":"Content-Type",
"Access-Control-Allow-Methods":"POST, GET, OPTIONS",
"Access-Control-Allow-Origin":"*",
"Connection":"close",
"Content-Encoding":"gzip",
"Content-Type":"application/json; charset=utf-8",
"Date":"Mon, 09 Jun 2014 22:34:20 GMT",
"Server":"nginx/1.6.0",
"Vary":"Accept-Encoding",
"X-Powered-By":"PHP/5.3.10-1ubuntu3.11"
},
"text":"{\"status\":\"error\",\"code\":-1,\"name\":\"ValidationError\",\"message\":\"You must specify a key value\"}",
"data":{"status":"error","code":-1,"name":"ValidationError","message":"You must specify a key value"},
"buffer":{"0":123,"1":34,"2":115,"3":116,"4":97,"5":116,"6":117,"7":115,"8":34,"9":58,"10":34,"11":101,"12":114,"13":114,"14":111,"15":114,"16":34,"17":44,"18":34,"19":99,"20":111,"21":100,"22":101,"23":34,"24":58,"25":45,"26":49,"27":44,"28":34,"29":110,"30":97,"31":109,"32":101,"33":34,"34":58,"35":34,"36":86,"37":97,"38":108,"39":105,"40":100,"41":97,"42":116,"43":105,"44":111,"45":110,"46":69,"47":114,"48":114,"49":111,"50":114,"51":34,"52":44,"53":34,"54":109,"55":101,"56":115,"57":115,"58":97,"59":103,"60":101,"61":34,"62":58,"63":34,"64":89,"65":111,"66":117,"67":32,"68":109,"69":117,"70":115,"71":116,"72":32,"73":115,"74":112,"75":101,"76":99,"77":105,"78":102,"79":121,"80":32,"81":97,"82":32,"83":107,"84":101,"85":121,"86":32,"87":118,"88":97,"89":108,"90":117,"91":101,"92":34,"93":125,"length":94,
"parent":{"0":123,"1":34,"2":115,"3":116,"4":97,"5":116,"6":117,"7":115,"8":34,"9":58,"10":34,"11":101,"12":114,"13":114,"14":111,"15":114,"16":34,"17":44,"18":34,"19":99,"20":111,"21":100,"22":101,"23":34,"24":58,"25":45,"26":49,"27":44,"28":34,"29":110,"30":97,"31":109,"32":101,"33":34,"34":58,"35":34,"36":86,"37":97,"38":108,"39":105,"40":100,"41":97,"42":116,"43":105,"44":111,"45":110,"46":69,"47":114,"48":114,"49":111,"50":114,"51":34,"52":44,"53":34,"54":109,"55":101,"56":115,"57":115,"58":97,"59":103,"60":101,"61":34,"62":58,"63":34,"64":89,"65":111,"66":117,"67":32,"68":109,"69":117,"70":115,"71":116,"72":32,"73":115,"74":112,"75":101,"76":99,"77":105,"78":102,"79":121,"80":32,"81":97,"82":32,"83":107,"84":101,"85":121,"86":32,"87":118,"88":97,"89":108,"90":117,"91":101,"92":34,"93":125,"length":94},"offset":0},"cookies":{}}
Where can be the problem? any ideas how to get it running?
thank you very much!
I finally found the problem. There was en error in the config script.
it need to look like this:
var IPLogger_config = {};
IPLogger_config.mandrillAppKey = "xxx";
IPLogger_config.your_email = 'myemail#bla.com';
IPLogger_config.your_name = 'myName';
exports.IPLogger_config = IPLogger_config;
in the main.jsfile, the resources of the config file need to be called like this:
var config = require('cloud/mandrillapp_config.js');
Mandrill.initialize(config.IPLogger_config.mandrillAppKey);
and now it works fine.